diff options
author | Rajamohan Raj <rajamohan.raj@intel.com> | 2020-06-18 14:55:42 -0700 |
---|---|---|
committer | Rajamohan Raj <rajamohan.raj@intel.com> | 2020-06-24 11:57:04 -0700 |
commit | 94bfc956f43bcaec29f2fc9844b9ca4c35d72260 (patch) | |
tree | bc5050f2e8c6c87672e06f8da319363745f49f8f /kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml | |
parent | 819a687195ef9d6c8dd9753d366c0120886d7736 (diff) |
Integrate collectd, prometheus and grafana.
In this patch, made neccessary changes in collectd and prometheus
helm charts such that prometheus can pull data from collectd.
Prometheus GUI and Grafana GUI are verified as well.
Issue-ID: MULTICLOUD-1082
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I39b7e20f46aa789272be671056a76dd926701068
Diffstat (limited to 'kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml')
-rwxr-xr-x | kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml b/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml new file mode 100755 index 00000000..7c9949c2 --- /dev/null +++ b/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/templates/alertmanager/psp.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-operator.fullname" . }}-alertmanager + namespace: {{ template "prometheus-operator.namespace" . }} + labels: + app: {{ template "prometheus-operator.name" . }}-alertmanager +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} + |